Sensitive Values
Secrets for Sensitive Values
To manage sensitive information such as the Appcircle initial user password, SMTP password, SSL certificates, and other secrets, it is recommended to use Kubernetes secrets. This ensures that sensitive data is stored securely and can be accessed by applications running within the cluster in a controlled manner.
The configurations for secret values should be done before the first deployment and cannot be changed later. To modify these settings, you should uninstall Appcircle and redeploy it.
The commands below assume you have already created a namespace for Appcircle. If you haven’t yet, you can create the Appcircle namespace using the following commands:
# Create the namespace
kubectl create namespace appcircle
Make sure to replace appcircle with your preferred namespace name if necessary.
You can follow the steps below to create a secret for each sensitive value.
If the HISTCONTROL environment variable is set to ignoreboth, commands with a leading space character will not be stored in the shell history. This allows you to create secrets safely without storing sensitive information in the shell history.
Appcircle initial user password
- Create a secret with the name
${releaseName}-auth-keycloak-passwordscontaining theinitialPasswordandadminPasswordkeys.
In the example, appcircle-server is used as the release name. Make sure to replace it with your actual release name if it's different.
kubectl create secret generic appcircle-server-auth-keycloak-passwords \
--from-literal=initialPassword=Test1234 \
--from-literal=adminPassword=KeycloakAdminPassword1234 \
-n appcircle
- Remove the
.auth.auth-keycloak.initialPasswordand.auth.auth-keycloak.adminPasswordkeys from thevalues.yamlfile if they exist.
SMTP password
- Create a secret with the name
${releaseName}-smtpcontaining thepasswordkey.
In the example, appcircle-server is used as the release name. Make sure to replace it with your actual release name if it's different.
kubectl create secret generic appcircle-server-smtp \
--from-literal=password="superSecretSMTPPassword" \
-n appcircle
- Remove the
.global.mail.smtp.passwordkey from thevalues.yamlfile if it exists.
SSL certificate
- Create a secret with the name
appcircle-tls-wildcardcontaining thetls.crt,tls.keyandca.crtkeys.
The name appcircle-tls-wildcard is reserved and cannot be changed.
kubectl create secret generic appcircle-tls-wildcard \
--from-file=tls.crt='fullchain.crt' \
--from-file=tls.key='private.key' \
--from-file=ca.crt='root-ca.crt' \
--type=kubernetes.io/tls \
-n appcircle
- Remove the
.global.tlsWildcardkey from thevalues.yamlfile if it exists.
Apply Configuration Changes
To apply configuration changes to the Appcircle server installation, update the Helm release with the new configuration using the following command:
The namespace, release name, and Helm repository name in the example command below are written for the example installation document. If you have changed these values while installing the Appcircle server, adjust the values if required.
helm upgrade appcircle-server appcircle/appcircle \
-n appcircle \
-f values.yaml
Need help?
Get help from Appcircle's support team, or see how others are using Appcircle by joining our Slack Channel.
